Background technology
With the development of the Internet, more and more applications, such as games, run on client devices such as computers and smartphones to provide their various functions.
In particular, with the spread of smartphones, more and more applications run on smartphones and have entered people's daily lives.
Many applications involve transactions. For example, a user can buy goods in an application, mostly virtual but sometimes real property or services, such as virtual currency, game items and the like.
For example, the payment system of an existing Android mobile device integrates Google's in-app payment method (Google In-App Billing), in particular for payment in applications listed in the Google Play application store.
In actual operation, however, it has been found that a client creates quite a number of orders and the game content provider (CP) distributes the game goods accordingly, yet Google's server side never receives the corresponding order or the user's payment. This harms the safety of payment and the interests of the game content provider (CP).
An existing transaction system is briefly described below with reference to Fig. 1.
Fig. 1 is a simplified schematic diagram of an existing transaction system.
When a user wishes to make a transaction, the client device 10 (for example, a smartphone) sends a payment request to the settlement server 20 (for example, Google's store server).
For example, a related application running on the client device 10 (such as a game application) can communicate, via an inter-process communication mechanism such as Binder, with the Google store application that also runs on the client device 10.
In response to the user's request to buy a certain item in the related application (for example, by clicking the icon or name of that item), the application communicates with the Google store application, and the Google store application sends the payment request to Google's store server.
In response to the payment request, Google's settlement server 20 completes the payment and returns payment response data to the client device 10. The payment response data indicate that the payment has been completed at the settlement server 20. Further, the payment response data carry Google's signature, which is used to verify whether the payment response data are genuine.
For example, in response to the payment request from the client device 10, Google's store server completes the payment according to a predetermined settlement process and returns the payment response data to the Google store application on the client device 10.
The Google store application then returns the payment response data to the application (game) by broadcast.
Based on the payment response data, the client device 10 determines whether the payment has been completed.
Specifically, the application (game) on the client device 10 starts a payment service to verify the payment response data and acts according to the verification result.
If it is determined that the payment has been completed, the application can further communicate with the application server 40 (for example, a game server) to obtain the purchased goods (mostly virtual, sometimes real property or services).
In other words, on the one hand the client device 10 communicates with the settlement server 20 to complete the payment of the fee; on the other hand the client device 10 communicates with the application server to complete the delivery of the goods.
In some cases, an application installed on the client device 10 may have no corresponding application server. That is, the application has only a client part and no server part, and the transaction system consists only of the client device 10 and the settlement server 20. In this case it may still be necessary to pay the fee; only the delivery of the corresponding goods is not performed by an application server 40.
In other cases, only the fee has to be paid and no goods are delivered, for example when a charitable donation is made through the application.
Therefore, although the application server 40 is shown in all the drawings of the present disclosure, it should be understood that the payment security processing system (and even the whole transaction system) may well operate without the participation of the application server 40.
Since not every application (game) has a server side, and not every application (game) can communicate with a server, Google's in-app payment is a payment method based on communication between processes on the client (relying on client broadcasts and Binder). This leaves many opportunities on the client for in-app purchase cracking tools.
On an Android client, inter-process communication data are easy to forge. For example, the communication data and the payment order can easily be sent while impersonating "another Google service", so that the game application cannot tell the difference.
Google's payment response data, however, are not easy to imitate.
Therefore some so-called "in-app purchase crackers", most famously the Freedom.apk application, choose to target Google's security verification module on the client, which verifies the payment response data, and bypass Google's security verification by every possible means.
The attack process of Freedom is as follows:
1. Freedom is used to start a certain application (game).
2. Using root privileges, the hosts file is modified, a simple HTTP server is set up locally, and requests are forwarded to this server.
3. The user clicks to buy a certain game item, and the application (game) initiates a payment request to the Android store application.
4. At this moment Freedom intercepts the payment request, and at the same time its own HTTP server generates a forged payment response (which, however, does not conform to Google's signature rule for order data).
5. The payment response data are delivered by broadcast into the application (game).
6. After the application (game) receives this broadcast, it starts the payment service and runs Google's security verification module.
7. Freedom now impersonates the main signature function of Google's security module, so that this function returns a "signature correct" result whatever data are passed to it.
8. Having bypassed the signature verification, the application (game), when called back, takes these data for the genuine data returned by Google and delivers goods or game items (such as purchased levels, health points and the like) according to the forged data.
The above fraud scheme makes it impossible for the application (game) to verify whether a payment is genuine and to act accordingly, causes the loss of a large amount of assets (application goods and game items) for the application (game) developer, and seriously affects the safety of payment of the payment system.
In order to improve the security of the payment system, protect the interests of application (game) developers and preserve the validity of payment through the payment SDK (software development kit), a solution is needed that, under an in-app payment method such as Google's, prevents the signature verification process from being bypassed and ensures the safety of payment.
Summary of the invention
One problem to be solved by the present invention is to provide a payment security processing method, device and system that prevent the signature verification process from being bypassed and thereby further ensure the safety of payment.
According to one aspect of the invention, a payment security processing method performed at a client device is provided, comprising: receiving payment response data, the payment response data indicating that a payment has been completed at a settlement server and carrying a signature conforming to a predetermined rule; sending the payment response data to a payment verification server; receiving a verification result from the payment verification server, the verification result indicating whether the payment response data carry the signature of the predetermined rule; and determining, according to the verification result, whether the payment has been completed at the settlement server.
By sending the payment response data to the payment verification server so that the signature verification is performed by the payment verification server, the false verification result that can arise when the client device performs the signature verification itself and the real verification is bypassed is avoided, and the safety of payment is ensured.
Preferably, the payment security processing method may further comprise: establishing, based on a security certificate installed on the client device, a trusted data connection between the client device and the payment verification server for sending the payment response data and receiving the verification result, wherein the security certificate is used to verify the legitimacy of the payment verification server and of its address.
By using the security certificate to establish the trusted data connection, hijacking of the communication between the client device and the payment verification server is avoided, submission of the payment response data to an illegitimate server is avoided, and the verification result received by the client device is ensured to be the genuine verification result, which further ensures the safety of payment.
Preferably, the payment security processing method may further comprise: encrypting the payment response data, wherein what is sent to the payment verification server is the encrypted payment response data.
By encrypting the payment response data, the security of the data communication between the client device and the payment verification server is strengthened, which further ensures the safety of payment.
Preferably, the verification result received from the payment verification server may be an encrypted verification result, and the method may further comprise: decrypting the encrypted verification result.
By encrypting and decrypting the verification result, the security of the data communication between the client device and the payment verification server is strengthened, which further ensures the safety of payment.
According to another aspect of the invention, a device for payment security processing based on a client device is provided, comprising: a first receiving unit for receiving payment response data, the payment response data indicating that a payment has been completed at a settlement server and carrying a signature conforming to a predetermined rule; a sending unit for sending the payment response data to a payment verification server; a second receiving unit for receiving a verification result from the payment verification server, the verification result indicating whether the payment response data carry the signature of the predetermined rule; and a payment determining unit for determining, according to the verification result, whether the payment has been completed at the settlement server.
By sending the payment response data to the payment verification server so that the signature verification is performed by the payment verification server, the false verification result that can arise when the client device performs the signature verification itself and the real verification is bypassed is avoided, and the safety of payment is ensured.
Preferably, the device may further comprise: a trusted data connection establishing unit for establishing, based on a security certificate installed on the client device, a trusted data connection between the client device and the payment verification server, wherein the security certificate is used to verify the legitimacy of the payment verification server and of its address; the sending unit sends the payment response data over the trusted data connection, and the second receiving unit receives the verification result over the trusted data connection.
By using the security certificate to establish the trusted data connection, hijacking of the communication between the client device and the payment verification server is avoided, submission of the payment response data to an illegitimate server is avoided, and the verification result received by the client device is ensured to be the genuine verification result, which further ensures the safety of payment.
Preferably, the device may further comprise: an encrypting unit for encrypting the payment response data, wherein what the sending unit sends to the payment verification server is the payment response data encrypted by the encrypting unit.
By encrypting the payment response data, the security of the data communication between the client device and the payment verification server is strengthened, which further ensures the safety of payment.
Preferably, the verification result that the second receiving unit receives from the payment verification server may be an encrypted verification result, and the device may further comprise: a decrypting unit for decrypting the encrypted verification result.
By encrypting and decrypting the verification result, the security of the data communication between the client device and the payment verification server is strengthened, which further ensures the safety of payment.
According to a further aspect of the invention, a payment security processing method is provided, comprising: a client device sending a payment request to a settlement server; the settlement server completing the payment in response to the payment request and returning payment response data to the client device, the payment response data indicating that the payment has been completed at the settlement server and carrying a signature conforming to a predetermined rule; the client device sending the payment response data to a payment verification server; the payment verification server verifying whether the payment response data carry the signature of the predetermined rule; the payment verification server sending a verification result to the client device; and the client device determining, according to the verification result, whether the payment has been completed at the settlement server.
According to a further aspect of the invention, a payment security processing system is provided, comprising: a client device, which sends a payment request to a settlement server; the settlement server, which completes the payment in response to the payment request from the client device and returns payment response data to the client device, the payment response data indicating that the payment has been completed at the settlement server and carrying a signature conforming to a predetermined rule; and a payment verification server, which receives the payment response data from the client device, verifies whether the payment response data carry the signature of the predetermined rule, and sends a verification result to the client device, the client device determining, according to the verification result, whether the payment has been completed at the settlement server.
By sending the payment response data to the payment verification server so that the signature verification is performed by the payment verification server, the present invention avoids the false verification result that can arise when the client device performs the signature verification itself and the real verification is bypassed, and ensures the safety of payment.
Detailed description of the invention
Preferred embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show preferred embodiments of the present disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that the disclosure is thorough and complete and fully conveys the scope of the disclosure to those skilled in the art.
First, a transaction system according to an embodiment of the present invention is briefly described with reference to Fig. 2.
Fig. 2 is a simplified schematic diagram of a transaction system according to an embodiment of the present invention.
As shown in Fig. 2, compared with the prior-art transaction system shown in Fig. 1, the transaction system according to an embodiment of the present invention adds a payment verification server 30.
The client device 10, the settlement server 20 and the payment verification server 30 together constitute the payment security processing system according to an embodiment of the present invention. The client device 10 completes the payment by communicating with the settlement server 20 and the payment verification server 30.
On the other hand, the client device 10 completes the delivery of the goods by communicating with the application server 40.
As mentioned above, although the application server 40 is shown in all the drawings of the present disclosure, it should be understood that the payment security processing system (and even the whole transaction system) may well operate without the participation of the application server 40.
The payment security processing method according to an embodiment of the present invention is described in detail below with reference to Fig. 3.
Fig. 3 is a schematic flow chart of the payment security processing method according to an embodiment of the present invention.
Fig. 3 shows in detail steps S110 to S190 performed in the client device 10. More specifically, these steps can be performed in a related application (such as a game application) installed on the client device 10. The communication with the settlement server 20 in steps S110 and S120 can also take place via a store application installed on the same client device 10.
First, in step S110, in response to a purchase or payment instruction of the user, the client device 10 (more specifically, the above related application, possibly via the store application) sends a payment request to the settlement server 20.
The above step S110 is performed by the client device 10 shown in Fig. 3. Generally, the payment request is sent by the related application on the client device 10 (via the store application) to the settlement server 20, and the settlement server 20 returns the payment response data to this related application on the client device 10 for the subsequent verification and processing.
However, it is also possible that the payment request is sent by one application on the client device 10 while the payment response data are received, and the subsequent verification and processing performed, by another application. Or the payment request may be sent by one client device 10 while the payment response data are received, and the subsequent verification and processing performed, by another client device 20.
The main technical idea of the payment security processing method of the present invention concerns the verification of the payment response data from the settlement server 20. Wherever the payment request is sent from, the scheme of the present invention can be carried out.
In response to the payment request from the client device 10, the settlement server 20 can complete the payment according to a certain settlement process and return payment response data to the client device 10.
The payment response data indicate that the payment has been completed at the settlement server, and the payment response data carry a signature conforming to a predetermined rule. Because of this signature, as described above, the payment response data are not easy to imitate or forge.
The settlement process of the settlement server 20 can be any settlement process, as long as it completes the payment according to the payment request. The present invention is not limited by the settlement process. In order not to obscure the idea of the present invention, the details of the settlement process are not described here.
In step S120, the client device 10 (more specifically, the above related application, possibly via the store application) receives the payment response data from the settlement server 20.
Unlike the prior art, where the verification is performed locally, in step S150 the client device 10 sends the payment response data to the payment verification server 30.
After receiving the payment response data from the client device 10, the payment verification server 30 verifies, according to a predetermined verification method, whether the payment response data carry the signature of the predetermined rule.
The verification method here can be the same as the verification method performed in the application on the client device 10 in the prior art, or it can be another verification method.
Then the payment verification server 30 sends the verification result to the client device 10. The verification result can indicate whether the payment response data carry the signature of the predetermined rule, and thus whether the payment response data are genuine.
In step S160, the client device 10 receives the verification result from the payment verification server 30.
Thus, in step S180, it can be determined according to the verification result whether the payment has been completed at the settlement server 20.
Next, goods delivery or a failure prompt can be performed according to the judgement result of step S180.
Specifically, if it is judged in step S180 that the payment has been completed at the settlement server 20, the application server 40 can be notified, for example, and the delivery of the goods is then completed through communication between the client device 10 and the application server 40.
On the other hand, if it is judged in step S180 that the payment has not been completed at the settlement server 20 (the payment verification server 30 failed the verification because the payment response data do not carry the above signature), the user is prompted in step S190 that the payment has failed.
Here, by sending the payment response data to the payment verification server 30 so that the signature verification is performed by the payment verification server 30, the false verification result that can arise when the client device performs the signature verification itself and the real verification is bypassed is avoided, and the safety of payment is ensured.
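The verification flow of Fig. 3 (steps S110 to S190 together with the server-side check) as an added Python example; this is not the patent's or Google's code. The HMAC-SHA256 signature, the demo key, the order identifiers and the JSON purchase data are constructed stand-ins for Google's RSA-signed payment response; the point shown is that the signature check runs only on the payment verification server, so the client keeps no verification routine that a tool such as Freedom could replace.

```python
import hashlib
import hmac
import json
from typing import Dict

# Constructed demo key. Google's real In-App Billing response is RSA-signed and
# checked with the app's public key; an HMAC-SHA256 stand-in is used here so the
# example runs with only the standard library. The key lives on the settlement
# server and the payment verification server, never on the client device.
DEMO_SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"


def settlement_server_pay(order_id: str, product_id: str) -> Dict[str, str]:
    """Settlement server 20: complete the payment and return signed payment response data."""
    purchase_data = json.dumps({"orderId": order_id, "productId": product_id}, sort_keys=True)
    signature = hmac.new(DEMO_SIGNING_KEY, purchase_data.encode(), hashlib.sha256).hexdigest()
    return {"purchaseData": purchase_data, "signature": signature}


class PaymentVerificationServer:
    """Payment verification server 30: the only component that checks the signature."""

    def __init__(self, signing_key: bytes) -> None:
        self._key = signing_key

    def verify(self, payment_response: Dict[str, str]) -> Dict[str, object]:
        """Return a verification result stating whether the data carry the predetermined signature."""
        purchase_data = payment_response.get("purchaseData", "")
        signature = payment_response.get("signature", "")
        expected = hmac.new(self._key, purchase_data.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; a mismatch means the data were not signed by the settlement side.
        if not hmac.compare_digest(expected, signature):
            return {"valid": False, "reason": "signature does not match the predetermined rule"}
        try:
            purchase = json.loads(purchase_data)
        except ValueError:
            return {"valid": False, "reason": "purchaseData is not JSON"}
        if "orderId" not in purchase or "productId" not in purchase:
            return {"valid": False, "reason": "purchaseData lacks orderId or productId"}
        return {"valid": True, "orderId": purchase["orderId"], "productId": purchase["productId"]}


def client_handle_payment_response(
    payment_response: Dict[str, str], verifier: PaymentVerificationServer
) -> str:
    """Client device 10, steps S150 to S190.

    The client never inspects the signature itself: it forwards the payment
    response data and acts only on the verdict of the payment verification server.
    """
    result = verifier.verify(payment_response)        # S150/S160; an HTTPS call in a real deployment
    if result["valid"]:                                # S180: payment completed at the settlement server
        return "deliver:" + str(result["productId"])   # notify application server 40 to deliver the goods
    return "payment failed"                            # S190: prompt the user


if __name__ == "__main__":
    verifier = PaymentVerificationServer(DEMO_SIGNING_KEY)
    genuine = settlement_server_pay("constructed-order-0001", "sword_of_light")
    print(client_handle_payment_response(genuine, verifier))
    # A Freedom-style response: plausible purchaseData broadcast into the app, but
    # the signature does not conform to the predetermined rule, so the server rejects it.
    forged = {"purchaseData": genuine["purchaseData"], "signature": "00" * 32}
    print(client_handle_payment_response(forged, verifier))
```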
The payment security processing method according to an improved embodiment of the present invention is described below with reference to Fig. 4.
Fig. 4 is a schematic flow chart of the payment security processing method according to an improved embodiment of the present invention.
The payment security processing method shown in Fig. 4 adds steps S130, S140 and S170 to the payment security processing method shown in Fig. 3. The other steps are performed essentially as the corresponding steps in Fig. 3, with only some adaptive modifications due to the presence of steps S130, S140 and S170. Some details of the steps already explained above with reference to Fig. 3 are skipped below.
Compared with the payment security processing method shown in Fig. 3, the payment security processing method of the improved embodiment shown in Fig. 4 adds, before step S150, step S130: establishing, based on the security certificate installed on the client device 10, a trusted data connection between the client device 10 and the payment verification server 30 for sending the payment response data and receiving the verification result.
The security certificate can be downloaded and installed on the client device 10 in advance through communication between the client device 10 and the settlement server 20, the payment verification server 30, the application server 40 or another server, or it can be carried by the application itself.
The security certificate is used to verify the legitimacy of the payment verification server 30 and of its address.
By using the security certificate to establish the trusted data connection, hijacking of the communication between the client device 10 and the payment verification server 30 is avoided, submission of the payment response data to an illegitimate server is avoided, and the verification result received by the client device is ensured to be the genuine verification result, which further ensures the safety of payment.
Compared with the payment security processing method shown in Fig. 3, the payment security processing method of the improved embodiment shown in Fig. 4 adds, after step S120 and before step S150, step S140: encrypting the payment response data. Thus what is sent to the payment verification server 30 in step S150 is the encrypted payment response data. After receiving the encrypted payment response data, the payment verification server 30 can first decrypt them and then perform the verification.
By encrypting the payment response data, the security of the data communication between the client device 10 and the payment verification server 30 is strengthened, which further ensures the safety of payment.
In Fig. 4 step S130 comes first and step S140 after it, but those skilled in the art should understand that the execution order of steps S130 and S140 can be reversed, the two steps can be executed in parallel, or only one of them can be executed.
Correspondingly, the payment verification server 30 can also encrypt the verification result before returning it to the client device 10.
In this case, the verification result received from the payment verification server 30 is an encrypted verification result. Therefore, in step S170 the encrypted verification result can be decrypted, so that in step S180 the judgement is made according to the decrypted verification result.
By encrypting and decrypting the verification result, the security of the data communication between the client device and the payment verification server is strengthened, which further ensures the safety of payment.
In the improved embodiment, steps S130, S140 and S170 can be independent of each other, that is, any one of them, any two of them, or all of them can be performed.
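Step S130 on the client side, as an added Python example that is not from the patent: the security certificate is modelled as a CA bundled with the application, the TLS context accepts only a server whose certificate chains to that CA and matches the expected host name, and the client refuses any verification endpoint that is not HTTPS to that host. The host name, the endpoint URL and the function names are assumptions.

```python
import http.client
import json
import ssl
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

# Hypothetical value: the host name of payment verification server 30 as known to the app.
EXPECTED_VERIFICATION_HOST = "verify.example.com"


def build_trusted_context(bundled_ca_pem: Optional[str] = None) -> ssl.SSLContext:
    """Step S130: TLS client context that trusts only the security certificate shipped with the app.

    A server reached through a tampered hosts file cannot present a certificate for
    the expected host name that chains to this CA, so the handshake fails and no
    payment response data are submitted to it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED and check_hostname are on by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if bundled_ca_pem is not None:
        ctx.load_verify_locations(cadata=bundled_ca_pem)  # the bundled security certificate (PEM text)
    else:
        ctx.load_default_certs()  # fallback so the demo runs; a real app pins its own CA
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True when the context verifies the chain, checks the host name and refuses pre-1.2 TLS."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and bool(ctx.check_hostname)
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


def parse_verification_endpoint(
    endpoint: str, expected_host: str = EXPECTED_VERIFICATION_HOST
) -> Tuple[str, int, str]:
    """Accept only an https URL whose host is the expected payment verification server."""
    url = urlparse(endpoint)
    if url.scheme != "https":
        raise ValueError("payment verification endpoint must use https")
    if url.hostname != expected_host:
        raise ValueError("payment verification endpoint points at an unexpected host")
    return url.hostname, url.port or 443, url.path or "/"


def send_for_verification(
    endpoint: str, payment_response: Dict[str, str], ctx: ssl.SSLContext
) -> Dict[str, object]:
    """Steps S150 and S160 over the trusted connection; returns the server's verification result."""
    host, port, path = parse_verification_endpoint(endpoint)
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request(
            "POST", path, body=json.dumps(payment_response),
            headers={"Content-Type": "application/json"},
        )
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError("verification server returned HTTP %d" % resp.status)
        return json.loads(resp.read().decode("utf-8"))
    finally:
        conn.close()
```

The hosts-file redirection in step 2 of the Freedom process is what the host-name check defeats: the name still resolves, but the local server cannot pass the certificate check for that name.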
The device for payment security processing based on a client device according to an embodiment of the present invention is described below with reference to Fig. 5.
Fig. 5 schematically shows a device according to an embodiment of the present invention for payment security processing based on the client device 10. This device can be used to perform the payment security processing method shown in Fig. 3. For brevity, some details already explained for Fig. 3 are not repeated here.
As shown in Fig. 5, the device can include the following units.
The first sending unit 110 sends a payment request to the settlement server 20 in response to a purchase or payment instruction of the user.
As described above, it is also possible that the payment request is sent by one application on the client device 10 while the payment response data are received, and the subsequent verification and processing performed, by another application. Or the payment request may be sent by one client device 10 while the payment response data are received, and the subsequent verification and processing performed, by another client device 20. Therefore, the device for payment security processing based on the client device 10 according to an embodiment of the present invention may also omit the first sending unit 110.
The first receiving unit 120 receives the payment response data from the settlement server 20. The payment response data indicate that the payment has been completed at the settlement server 20, and the payment response data carry a signature conforming to a predetermined rule.
The second sending unit 150 sends the payment response data to the payment verification server 30.
The second receiving unit 160 receives the verification result from the payment verification server 30. The verification result indicates whether the payment response data carry the signature of the predetermined rule.
The payment determining unit 180 determines, according to the verification result, whether the payment has been completed at the settlement server 20. If it is determined that the payment has been completed, a notification can be sent to the application server 40 so that the subsequent goods delivery is performed.
Here, by sending the payment response data to the payment verification server so that the signature verification is performed by the payment verification server 30, the false verification result that can arise when the client device 10 performs the signature verification itself and the real verification is bypassed is avoided, and the safety of payment is ensured.
The device for payment security processing based on a client device according to an improved embodiment of the present invention is described below with reference to Fig. 6.
Fig. 6 schematically shows the device for payment security processing based on a client device according to an improved embodiment of the present invention.
The device of the improved embodiment shown in Fig. 6 adds, on the basis of the device shown in Fig. 5, a trusted data connection establishing unit 130, an encrypting unit 140 and a decrypting unit 170. The other units are essentially the same as the corresponding units in Fig. 5, with only some adaptive modifications due to the presence of units 130, 140 and 170. Some details of the units already explained above with reference to Fig. 5 are skipped below.
Compared with the device described in Fig. 5, the device of the improved embodiment shown in Fig. 6 adds a trusted data connection establishing unit 130 for establishing, based on the security certificate installed on the client device 10, a trusted data connection between the client device 10 and the payment verification server 30 for sending the payment response data and receiving the verification result.
The security certificate can be downloaded and installed on the client device 10 in advance through communication between the client device 10 and the settlement server 20, the payment verification server 30, the application server 40 or another server, or it can be carried by the application itself.
The security certificate is used to verify the legitimacy of the payment verification server and of its address.
Thus the second sending unit 150 can send the payment response data over the trusted data connection, and the second receiving unit 160 can receive the verification result over the trusted data connection.
By using the security certificate to establish the trusted data connection, hijacking of the communication between the client device and the payment verification server is avoided, submission of the payment response data to an illegitimate server is avoided, and the verification result received by the client device is ensured to be the genuine verification result, which further ensures the safety of payment.
In addition, the device of the improved embodiment shown in Fig. 6 adds an encrypting unit 140 for encrypting the payment response data. Thus what the second sending unit 150 sends to the payment verification server is the payment response data encrypted by the encrypting unit 140.
By encrypting the payment response data, the security of the data communication between the client device 10 and the payment verification server 30 is strengthened, which further ensures the safety of payment.
Correspondingly, the payment verification server 30 can also encrypt the verification result before returning it to the client device 10.
In this case, the verification result that the second receiving unit 160 receives from the payment verification server 30 can be an encrypted verification result. The device of the improved embodiment shown in Fig. 6 can further include a decrypting unit 170 for decrypting the encrypted verification result.
By encrypting and decrypting the verification result, the security of the data communication between the client device and the payment verification server is strengthened, which further ensures the safety of payment.
In the improved embodiment, the trusted data connection establishing unit 130, the encrypting unit 140 and the decrypting unit 170 can be independent of each other, that is, the device of the improved embodiment can include any one of them, any two of them, or all of them.
The payment security processing system according to an embodiment of the present invention and the whole payment process are briefly reviewed below.
The payment security processing system according to an embodiment of the present invention includes the client device 10, the settlement server 20 and the payment verification server 30.
First, the client device 10 sends a payment request to the settlement server 20.
Next, in response to the payment request, the settlement server 20 completes the payment and returns payment response data to the client device 10. The payment response data indicate that the payment has been completed at the settlement server 20, and the payment response data carry a signature conforming to a predetermined rule.
The client device 10 sends the payment response data to the payment verification server 30.
The payment verification server 30 verifies whether the payment response data carry the signature of the predetermined rule.
The payment verification server 30 sends the verification result to the client device.
The client device 10 determines, according to the verification result, whether the payment has been completed at the settlement server 20.
By sending the payment response data to the payment verification server 30 so that the signature verification is performed by the payment verification server 30, the false verification result that can arise when the client device 10 performs the signature verification itself and the real verification is bypassed is avoided, and the safety of payment is ensured.
The payment security processing method, device and system according to embodiments of the present invention have been described in detail above with reference to the accompanying drawings.
Furthermore, the method according to embodiments of the present invention may also be implemented as a computer program product comprising a computer-readable medium on which a computer program is stored for performing the above functions defined in the method of the present invention. Those skilled in the art will also understand that the various example logic blocks, modules, circuits and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or a combination of both.
The flow charts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems and methods according to various embodiments of the present invention. In this regard, each block in a flow chart or block diagram may represent a module, program segment or portion of code, which comprises one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block of the block diagrams and/or flow charts, and combinations of blocks in the block diagrams and/or flow charts, can be implemented by special-purpose hardware-based systems that perform the specified functions or operations, or by combinations of special-purpose hardware and computer instructions.
Various embodiments of the present invention have been described above. The description is exemplary, not exhaustive, and is not limited to the disclosed embodiments. Many modifications and variations will be apparent to those skilled in the art without departing from the scope and spirit of the described embodiments. The terminology used herein was chosen to best explain the principles of the embodiments, their practical application or their improvement over technologies in the market, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.